Identity Management Framework

RELEASE NOTES

Product Description

The Identity Management (IdM) Framework enables provisioning of users and groups between SafeNet Trusted Access (STA) and third-party applications and directories.

The solution uses dedicated identity connectors for connecting to different directories, to automatically create, update, and remove users and groups.

For a list of existing issues as of the latest release, refer to Known Issues.

Release Description

01/11/2024

Identity Management Framework 1.2.0 General Availability. This release introduces support for the following features:

Upgrade from Identity Management Framework 1.1.0 to 1.2.0 is not supported.

The solution is tested for the following connectors:

  • SafeNet Trusted Access IdM Connector
  • Active Directory Connector (LDAP)
  • Microsoft Entra ID (Graph API) Connector
  • CSV Connector

06/22/2023

Identity Management Framework 1.1.0 General Availability. This release introduces support for the following features:

  • Dockerized solution - Enables organizations to deploy IdM Framework as a Docker container. The capability to run IdM Framework over HTTPS is also included in this release.
  • The container will have the following pre-deployed connectors:
    • Microsoft Graph API Connector - For Microsoft Entra ID
    • Active Directory Connector (LDAP)
    • SafeNet Trusted Access IdM Connector
  • Multi-domain synchronization - The complete solution is tested at the forest level, which consists of a forest root domain, its subdomain/child domain (for example, mytestdomain.org is a forest domain and child.mytestdomain.org is its subdomain or child domain), and a tree root domain (for example, mydemodomain.org). For executing setup with more domain controllers, contact Thales Support.
    The Group type must be Universal when there is tree-root trust between two domains.

04/14/2023

Identity Management Framework 1.0.0 General Availability. This release introduces support for the following features:

  • Bidirectional synchronization - Bidirectional synchronization of users and groups (that is, write-back to the source directory) is supported for:
    • Microsoft Entra ID as a source.
    • Microsoft Active Directory as a source.
  • Group inclusion list (Group filtering) - This provides the capability to filter the groups that need to be synchronized to STA. For this, you need to provide a list of groups in the synchronization condition of the connector configuration. Only the groups mentioned in the list are synchronized to STA, and only the users that are members of these groups are synchronized to STA.
  • Multi-domain synchronization - Added support for synchronizing the users and groups from two domain controllers (tested with one parent and one child domain controller of a domain in a single forest). For configuration-related queries, contact Thales Support.

Known Issues

This table provides a list of the known issues as of the latest release.

Issue Synopsis
AINT - 8461

Summary: Tasks for users do not work for the Microsoft Entra ID connector when a user filtering script is used in the synchronization condition of the connector configuration.
Workaround:
Use case 1: If all the users and groups present in Microsoft Entra ID need to be synchronized to STA, then there is no need to use the filtering scripts for users and groups. In this case, the import tasks will work as expected.

Use case 2: If a subset of users and groups present in Microsoft Entra ID needs to be synchronized to STA, then you need to use the filtering scripts for users and groups. In this case, the import task for a user will not work. For importing the desired users, you need to select all users on the accounts page of your connector and then click import.

AINT - 8740

Summary: The "User is already a member of the group" error occurs when updating a user using the Live synchronization task in Active Directory. The error is intermittent.

AINT - 8762

Summary: While deleting a user in AD, the user will not be deleted from the IdM Framework and STA.
Workaround:
Use case 1: If you only want to delete a user from STA, go to the Users tab in IdM Framework, select the user to be deleted, and click Delete.

Use case 2: If you want to delete a user from both STA and AD, enable the Delete feature from the Capabilities section of the AD connector. Go to the Users tab in IdM Framework, select the user to be deleted, and click Delete.

AINT - 8756

Summary: In a multidomain environment for AD, the Live Synchronization task is not working as expected. In this operation, it is observed that sometimes the child domain is synchronizing the users of the parent domain or vice versa. In this scenario, all the users and groups are distinct.
Workaround: To run the Live Synchronization tasks successfully, you need to run all of them separately.
First, run the task for the Parent domain. Once all the changes are processed, close and delete the task. Now, run the task for the Child domain and after all the changes are processed, close and delete the task.

AINT - 9223

Summary: In a multidomain AD environment, the Import task for child domains is not working. A child domain skips importing users and groups.
Workaround: For child domains, you need to import users and groups manually.